Another day, another security breach. Sega sent out a notice to Sega Pass users that its database had been hacked. The system has been offline since yesterday, and the company confirmed "unauthorized entry was gained." A timeline of when the intrusion occurred wasn't disclosed, but Sega assures users that it took action "immediately" and has launched an investigation.

Sega Pass member e-mails, dates of birth, and encrypted passwords were obtained by the intruders, but payment information is handled by a third-party, so credit card data isn't at risk. Sega does warn, however, that if you use similar usernames and passwords for other sites, you should change them.

In the meantime, Sega is resetting all passwords and suspending Sega Pass for the time being. The company says it will communicate when the service becomes available. "We sincerely apologise for this incident and regret any inconvenience caused." It recommends contacting customer support with further questions.

Though the hacker group LulzSec has claimed responsibility for a string of recentattacks, it isn't taking credit for this one. In a tweet, it asks Sega to contact them. "We want to help you destroy the hackers that attacked you," it read. "We love the Dreamcast, these people are going down."

It really should be standard internet policy to delete accounts that are not being paid for after a period of inactivity like, lets say 2 years. If you haven't used the service/login/whatever in 2 years you're probably not coming back anytime soon.

The huge push for "games as a service" led publishers to set up tons of "social club" sites and force DLC tie-ins. That's like ringing the dinner bell for hackers who want fresh lists of email addresses and credit card numbers. If the infrastructure was set up in a rush to coincide with game releases or new game initiatives, they're probably not the most secure frontends.